Managing administrator access to UC systems

We recently released Orcamate admin access, which provides one-time administrator accounts for the various Cisco UC systems:

  • CUCM

  • IMP

  • UCXN

  • Expressway

The reason for this was to get rid of generic (shared) user accounts in these systems, either for security and regulatory compliance reasons (SOX/SOX2/GDPR) or because a customer's RFP mandates that all admin access be access-controlled with rolling passwords and audited.

It has been designed to work alongside the various HCS domain managers, for the cases where engineers need to perform activities directly on these systems, such as:

  • TFTP file uploads

  • Firmware updates

  • MOH management

  • Log collection and other troubleshooting (see how this is done in the UC Engineer Toolkit)


Step 1

The user logs in with their LDAP credentials.


Step 2

The user then selects the UC system they need access to.

Step 3

Orcamate creates the username and a one-time password on the target system. The password is handed to the user once and is never stored by Yarnman.

The user can then cross-launch to the UC system.

Step 4

Once the engineer has made the required changes, they release access and the account is removed. Access that is not released explicitly is removed when it times out.
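The four steps above describe an account lifecycle: a grant tied to an LDAP identity, an ephemeral admin account with a password that is returned once and never persisted, and removal on either explicit release or timeout, with the audit log collected before the account goes. The following is an added example that models that lifecycle; it is not Orcamate or Yarnman code. The UcAdminBackend interface, the InMemoryBackend stand-in (a real implementation would call the UC system's provisioning API), the yarnman-<requester>-<id> username scheme, the two-hour default TTL and the timeline in demo() are all assumptions made for the example.

```python
"""Ephemeral UC admin account lifecycle: grant, release, timeout (added example)."""
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional, Protocol


class UcAdminBackend(Protocol):
    """Hypothetical interface for the calls made against CUCM/IMP/UCXN/Expressway."""
    def create_admin(self, system: str, username: str, password: str) -> None: ...
    def delete_admin(self, system: str, username: str) -> None: ...
    def fetch_audit_log(self, system: str, username: str) -> list: ...


class InMemoryBackend:
    """Stand-in so the example runs offline; a real backend would call the UC system's API."""
    def __init__(self) -> None:
        self.accounts = {}   # (system, username) -> password, as the UC system would hold it
        self.audit = {}      # (system, username) -> audit lines the UC system would return

    def create_admin(self, system, username, password):
        self.accounts[(system, username)] = password

    def delete_admin(self, system, username):
        self.accounts.pop((system, username), None)

    def fetch_audit_log(self, system, username):
        return list(self.audit.get((system, username), []))


@dataclass
class AccessGrant:
    grant_id: str
    requester: str                 # LDAP identity that asked for access (Step 1)
    system: str                    # target UC system (Step 2)
    username: str                  # ephemeral admin account created for this grant (Step 3)
    expires_at: datetime
    released_at: Optional[datetime] = None
    release_reason: Optional[str] = None
    audit_log: list = field(default_factory=list)
    # Deliberately no password field: the one-time password is returned to the
    # requester exactly once by grant() and is never persisted anywhere.


class OneTimeAccessManager:
    def __init__(self, backend: UcAdminBackend, ttl: timedelta = timedelta(hours=2)):
        self.backend = backend
        self.ttl = ttl
        self.grants = {}   # grant_id -> AccessGrant

    def grant(self, requester: str, system: str, now: datetime):
        """Create a unique account per grant so every audit line maps to one person."""
        grant_id = secrets.token_hex(8)
        username = f"yarnman-{requester}-{grant_id[:6]}"   # assumed naming scheme
        password = secrets.token_urlsafe(24)               # 24 bytes from the OS CSPRNG
        self.backend.create_admin(system, username, password)
        g = AccessGrant(grant_id, requester, system, username, now + self.ttl)
        self.grants[grant_id] = g
        return g, password   # returned once; the caller must not log or store it

    def release(self, grant_id: str, now: datetime, reason: str = "released") -> AccessGrant:
        g = self.grants[grant_id]
        if g.released_at is None:                      # idempotent: a second release is a no-op
            g.audit_log = self.backend.fetch_audit_log(g.system, g.username)  # collect, then delete
            self.backend.delete_admin(g.system, g.username)
            g.released_at, g.release_reason = now, reason
        return g

    def expire(self, now: datetime) -> list:
        """Revoke every open grant whose TTL has passed; a scheduler would call this periodically."""
        return [self.release(g.grant_id, now, "timeout")
                for g in list(self.grants.values())
                if g.released_at is None and now >= g.expires_at]


def demo() -> dict:
    """Walk one grant through explicit release and another through timeout; return the evidence."""
    backend = InMemoryBackend()
    mgr = OneTimeAccessManager(backend, ttl=timedelta(minutes=30))
    t0 = datetime(2024, 1, 1, 13, 0, tzinfo=timezone.utc)
    g1, pw = mgr.grant("alice", "CUCM", t0)
    exists_after_grant = ("CUCM", g1.username) in backend.accounts
    # Constructed audit line standing in for what the UC system would return for this account.
    backend.audit[("CUCM", g1.username)] = [f"13:05:00.000 |LogMessage UserID : {g1.username}"]
    mgr.release(g1.grant_id, t0 + timedelta(minutes=5))
    g2, _ = mgr.grant("bob", "UCXN", t0)
    expired_early = mgr.expire(t0 + timedelta(minutes=10))   # before the TTL: nothing revoked
    expired_late = mgr.expire(t0 + timedelta(minutes=31))    # after the TTL: bob's account goes
    return {
        "password_length": len(pw),
        "password_stored_in_grant": hasattr(g1, "password"),
        "exists_after_grant": exists_after_grant,
        "exists_after_release": ("CUCM", g1.username) in backend.accounts,
        "release_reason": g1.release_reason,
        "audit_lines_attached": len(g1.audit_log),
        "expired_early": [g.username for g in expired_early],
        "expired_late": [g.username for g in expired_late],
        "timeout_reason": g2.release_reason,
        "exists_after_timeout": ("UCXN", g2.username) in backend.accounts,
    }
```

The two points a reviewer should check in a real implementation are the ones demo() exercises: the password exists only in the return value of grant(), and the timeout path goes through exactly the same release() code as the explicit release, so the audit log is always collected before the account is deleted.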

Audit Logging

After the engineer releases access, or the access times out, Orcamate collects the audit log and attaches it to the task, so we can see what this user did. In the entries below the user logs in and then makes a configuration update; the second entry is a GeneralConfigurationUpdate against a record in the device table, which CUCM logged with EventStatus : Failure.

13:26:31.256 |LogMessage   UserID : yarnman-yarnman  ClientAddress : 10.101.200.92  Severity : 6  EventType : UserLogging  ResourceAccessed: Cisco CallManager Administration  EventStatus : Success  CompulsoryEvent : No  AuditCategory : AdministrativeEvent  ComponentID : Cisco CCM Application  CorrelationID :   AuditDetails : Successfully Logged into Cisco CCM Webpages App ID: Cisco Tomcat Cluster ID:  Node ID: natcucm115
13:27:14.191 |LogMessage   UserID : yarnman-yarnman  ClientAddress : 10.101.200.92  Severity : 5  EventType : GeneralConfigurationUpdate  ResourceAccessed: CUCMAdmin  EventStatus : Failure  CompulsoryEvent : No  AuditCategory : AdministrativeEvent  ComponentID : Cisco CUCM Administration  CorrelationID :   AuditDetails :  record in table device with key field name = 0C85253ED857 updated  App ID: Cisco Tomcat Cluster ID:  Node ID: natcucm115 
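The two entries above are in the CUCM audit log format: a timestamp, the literal |LogMessage, then "Key : value" fields separated by runs of spaces, with the App ID, Cluster ID and Node ID fields appended to AuditDetails without any separator. The following is an added example, not Orcamate's own code, that parses that format and pulls out what a given account did. The field list is derived from the two lines on the page (copied into SAMPLE_LINES) and is an assumption about which keys can appear; GeneralConfigurationUpdate is the only change event type shown on the page, so it is the only one config_changes() looks for.

```python
"""Parse CUCM audit-log entries and report what an ephemeral admin account did (added example)."""
import re
from typing import Optional

# Field names as they appear in the CUCM audit log (assumed complete for this example).
# "App ID", "Cluster ID" and "Node ID" follow AuditDetails with no separator, so they
# are treated as keys too; otherwise they would be swallowed into AuditDetails.
KEYS = ["UserID", "ClientAddress", "Severity", "EventType", "ResourceAccessed",
        "EventStatus", "CompulsoryEvent", "AuditCategory", "ComponentID",
        "CorrelationID", "AuditDetails", "App ID", "Cluster ID", "Node ID"]
_ALT = "|".join(re.escape(k) for k in KEYS)

HEADER_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s*\|LogMessage\s+(?P<body>.*)$")
# A field is "<Key> : <value>"; the value runs until the next known key or end of line,
# so values containing spaces survive and empty values (CorrelationID, Cluster ID) work.
FIELD_RE = re.compile(rf"(?P<key>{_ALT})\s*:\s*(?P<value>.*?)(?=\s*\b(?:{_ALT})\s*:|\s*$)")

# The two audit-log lines quoted on the page.
SAMPLE_LINES = [
    "13:26:31.256 |LogMessage   UserID : yarnman-yarnman  ClientAddress : 10.101.200.92  Severity : 6  "
    "EventType : UserLogging  ResourceAccessed: Cisco CallManager Administration  EventStatus : Success  "
    "CompulsoryEvent : No  AuditCategory : AdministrativeEvent  ComponentID : Cisco CCM Application  "
    "CorrelationID :   AuditDetails : Successfully Logged into Cisco CCM Webpages App ID: Cisco Tomcat "
    "Cluster ID:  Node ID: natcucm115",
    "13:27:14.191 |LogMessage   UserID : yarnman-yarnman  ClientAddress : 10.101.200.92  Severity : 5  "
    "EventType : GeneralConfigurationUpdate  ResourceAccessed: CUCMAdmin  EventStatus : Failure  "
    "CompulsoryEvent : No  AuditCategory : AdministrativeEvent  ComponentID : Cisco CUCM Administration  "
    "CorrelationID :   AuditDetails :  record in table device with key field name = 0C85253ED857 updated  "
    "App ID: Cisco Tomcat Cluster ID:  Node ID: natcucm115 ",
]


def parse_audit_line(line: str) -> Optional[dict]:
    """Return a dict of fields for one audit entry, or None if the line is not one."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"Timestamp": m.group("ts")}
    for f in FIELD_RE.finditer(m.group("body")):
        rec[f.group("key")] = f.group("value").strip()
    return rec


def parse_audit_lines(lines) -> list:
    return [r for r in map(parse_audit_line, lines) if r is not None]


def session_activity(records, user_id: str) -> list:
    """Everything the ephemeral account did; with one account per grant this is one person's session."""
    return [r for r in records if r.get("UserID") == user_id]


def config_changes(records) -> list:
    """Entries that changed (or tried to change) configuration, whatever their EventStatus."""
    return [r for r in records if r.get("EventType") == "GeneralConfigurationUpdate"]


def summarize(records) -> list:
    """One human-readable line per entry, suitable for attaching to the task."""
    return [f"{r['Timestamp']} {r.get('UserID')} {r.get('EventType')} "
            f"{r.get('EventStatus')}: {r.get('AuditDetails')}" for r in records]


if __name__ == "__main__":
    recs = parse_audit_lines(SAMPLE_LINES)
    for line in summarize(session_activity(recs, "yarnman-yarnman")):
        print(line)
```

Because the parser keys on the account name, it is the unique-account-per-grant design that makes session_activity() meaningful: with a shared generic account the same query would return every engineer's activity mixed together. Keep the Failure entries in the attached log rather than filtering them out; a failed configuration update is at least as interesting to a reviewer as a successful one.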

Over time, having a history of all the manual changes allows those changes to be analysed, which in turn provides insight into which UC activities should be automated in the future.
